From: Brendan Le Foll <brendan.le.f...@intel.com> Because of the SSLv3 POODLE vulnerability, it's preferred to simply disable SSLv3 even if patched with the TLS_FALLBACK_SCSV
Signed-off-by: Brendan Le Foll <brendan.le.f...@intel.com> --- meta/recipes-connectivity/openssl/openssl.inc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-connectivity/openssl/openssl.inc b/meta/recipes-connectivity/openssl/openssl.inc index 6eb1b5e..f42b1ea 100644 --- a/meta/recipes-connectivity/openssl/openssl.inc +++ b/meta/recipes-connectivity/openssl/openssl.inc @@ -16,6 +16,9 @@ SRC_URI = "http://www.openssl.org/source/openssl-${PV}.tar.gz \ S = "${WORKDIR}/openssl-${PV}" PACKAGECONFIG[perl] = ",,," +# Remove this to enable SSLv3. SSLv3 is defaulted to disabled due to the POODLE +# vulnerability +PACKAGECONFIG[ssl3] = "--enable-ssl3, --no-ssl3,," AR_append = " r" # Avoid binaries being marked as requiring an executable stack since it -- 2.2.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
